
Re: commit review for 2.4.39



Michael Ströder wrote:
Quanah Gibson-Mount wrote:
--On Friday, January 10, 2014 11:18 AM +0100 Michael Ströder
<michael@stroeder.com> wrote:

Hmm, ITS#7683 was meant to show which clients are connecting with Perfect
Forward Secrecy.

The change does not apply cleanly and results in a substantial number of merge
issues.  Given this, it will not be merged into the RE24 branch.  It will be
part of 2.5.

I can't believe that the OpenLDAP project wants to postpone such an important
feature for another year or two (until 2.5 stable release). Today all mail and
HTTP servers can log the TLS cipher negotiated for a connection. It's a really
urgent feature to centrally examine existing client configurations.

2.4 is in feature freeze. We tried to accommodate your request, despite the freeze, but the code changes are too extensive. The idea here is to quit making any major upheavals in the 2.4 branch, not keep adding them in perpetuity.

Examining client configuration really isn't even relevant. If you want to ensure that a secure cipher is negotiated, then configure a narrower set of supported ciphers. This is hardly as critical a feature as you make it out to be.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
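Howard's point above is to narrow the server's cipher list rather than log which cipher each client negotiated. The following is an added example, not part of this thread and not OpenLDAP code: it takes a candidate value for slapd's TLSCipherSuite directive (OpenSSL cipher-list syntax, which is what an OpenSSL-built slapd accepts; a GnuTLS build takes GnuTLS priority strings instead) and uses Python's ssl module to show which suites the string actually enables and whether any of them lack forward secrecy. Both cipher strings are assumptions chosen for illustration, and the enabled set is whatever the local OpenSSL build and security level allow, so run it against the same OpenSSL that slapd is linked with.

```python
import ssl

# Candidate values for slapd.conf's TLSCipherSuite directive (OpenSSL cipher-list
# syntax). Both strings are assumptions for this example, not settings taken
# from the thread or from any OpenLDAP default.
BROAD_LIST = "DEFAULT"
PFS_ONLY_LIST = "ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL"

# Key-exchange identifiers as reported by SSLContext.get_ciphers(). TLS 1.3 suites
# report "kx-any" because TLS 1.3 only defines ephemeral (EC)DH key exchange.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}


def enabled_ciphers(cipher_list):
    """Return the suites the local OpenSSL enables for cipher_list.

    The result depends on the local OpenSSL build and its security level, so the
    check is only meaningful against the OpenSSL that slapd itself is linked with.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def non_forward_secret(cipher_list):
    """Names of enabled suites whose key exchange is not ephemeral (EC)DH."""
    return [c["name"] for c in enabled_ciphers(cipher_list)
            if c["kea"] not in FORWARD_SECRET_KX]


def report(cipher_list):
    """Print a summary for one TLSCipherSuite value; True if every suite has PFS."""
    ciphers = enabled_ciphers(cipher_list)
    weak = non_forward_secret(cipher_list)
    print(f"TLSCipherSuite {cipher_list}")
    print(f"  {len(ciphers)} suites enabled, {len(weak)} without forward secrecy")
    for name in weak:
        print(f"  no PFS: {name}")
    return not weak


if __name__ == "__main__":
    for spec in (BROAD_LIST, PFS_ONLY_LIST):
        report(spec)
```

Once the narrowed list is in place, a client that cannot do ephemeral (EC)DH simply fails the handshake, which is the outcome Howard's approach relies on instead of a per-connection log line.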